Total mystery website access problem

[Loudly clearing throat]

As @shamino said, since it’s pointing to an actual SiteGround IP (no comment on what is behind that IP), I think it’s MUCH more likely to have been some troubleshooting or setup followed at some point in the past than something nefarious. While possible to edit via a command line editor, instructions could have been as simple as a single terminal command like echo "1.2.3.4 www.example.com" | sudo tee -a /etc/hosts to append to that file. Or there’s a System Preference pane I noticed once.

Think this is one where you don’t need to fear how it happened, especially as you mentioned you have been editing this site for years.

One less thing to worry about, a move is more than enough. Good luck

1 Like

It’s actually quite easy to make changes to that file. Over the years it’s been used as an ad blocking mechanism. It’s also been used to prevent Adobe products from checking for a valid license by pirate users. Malware has been known to modify it for a variety of reasons. I can’t say I’ve ever run into this specific change, so unable to add to what has been speculated on how it happened to you.

2 Likes

Wow! What a great debugging session with a happy conclusion, no less!

As far as how that hosts entry got there, the key thing to note is that Kevan accessed the site sometime over the previous week. What were you doing after that, Kevan? :slight_smile:

That said, the hosts file has caused more extended debugging sessions than I care to remember (and it’s never obvious that it’s the hosts file). It’s a gloomy place. . . . :smiley:

Dave

4 Likes

I followed this with interest and am glad it got resolved.

The rest of this is off-topic.

Will this work if I am in a user account rather than an admin account but enter an admin password? If there are two or more admin accounts, will any admin password work?

Am I correct that there is a way to launch a Terminal session with admin privileges from a user account? If so, how do I invoke Terminal?

Thanks for the education.

1 Like

@Shamino @schwartz @angusC @gdewaard @alvarnell @Dafuki

Huge apologies to everyone. Looks like the rogue code in the hosts file was added by… me! I checked through my message exchange with SiteGround when I first moved the site to them a year ago, and discovered this:

I am glad to inform you that we have successfully transferred your website to our server. In order to preview your website you can use the hosts file on your local computer. This way, you will point your domain name to your website’s IP address.

The line that should be added to the local Hosts file is as follows:
77.104.133.95 tanamerah.com www.tanamerah.com

So there you have it, in black and white. I’d completely forgotten I’d added that line. The problem arose because recently SiteGround migrated the site to a new server:

On Thursday, June 11, starting from 00:01AM GMT+1, we will perform an infrastructure upgrade and migrate your site(s) from server uk1005.siteground.eu to a new server with the latest hardware in our new Google facility in London.

Obviously the original server, to which my Mac was pointed, continued to function after the transfer, so I was unaware that the hosts line was still diverting me to it. Until last week that is, when I guess SiteGround shut it down.

Anyway, problem solved—and explained. Thanks again for all your help and comments. May TidBITS, and its readers and contributors, long flourish and prosper.

Best
Kevan

4 Likes
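An added example, not part of the original posts: a small Python audit that lists every non-default hosts entry and reports whether the pinned address still agrees with DNS, which is the stale-override situation this thread ran into. The sample names and addresses are constructed documentation values, and the live lookup assumes `dig` is installed.

```python
import ipaddress
import subprocess

DEFAULT_NAMES = {"localhost", "broadcasthost"}  # stock macOS entries

def parse_hosts(text):
    """Yield (ip, hostname) for each valid 'IP name [alias...]' line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0].split("%")[0])  # strip %lo0 scope
        except ValueError:
            continue  # malformed, e.g. hostname written before the address
        for name in fields[1:]:
            yield ip, name.lower()

def dig_lookup(name):
    """Ask DNS directly. dig ignores /etc/hosts, unlike the system resolver."""
    addrs = set()
    for rtype in ("A", "AAAA"):
        out = subprocess.run(["dig", "+short", name, rtype],
                             capture_output=True, text=True, timeout=10).stdout
        for token in out.split():
            try:
                addrs.add(ipaddress.ip_address(token))
            except ValueError:
                pass  # +short also prints CNAME targets; keep addresses only
    return addrs

def audit(text, lookup=dig_lookup):
    """Return (name, pinned_ip, status) for every non-default hosts entry."""
    findings = []
    for ip, name in parse_hosts(text):
        if name in DEFAULT_NAMES:
            continue
        if ip.is_loopback or ip.is_unspecified:
            status = "sinkholed"  # ad-block style entry
        else:
            status = "matches DNS" if ip in lookup(name) else "diverges from DNS"
        findings.append((name, str(ip), status))
    return findings

# Constructed sample data (documentation addresses, not values from the thread).
SAMPLE_HOSTS = ("127.0.0.1 localhost\n::1 localhost\n"
                "198.51.100.7 example.com www.example.com  # migration preview\n"
                "0.0.0.0 ads.example\n")
SAMPLE_DNS = {"example.com": {ipaddress.ip_address("203.0.113.10")}}
```

To check a real machine, pass the contents of /etc/hosts to `audit()`; any entry reported as "diverges from DNS" is a pin that no longer matches where the name resolves publicly.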

I’d just like to say that I’m extremely happy that TidBITS Talk has been able to host this thread. @tidbits17’s problem, even if it turned out to be self-inflicted at a distant point in the past, was mysterious, and the outpouring of highly technical support was great to see. Kudos to you all!

7 Likes

Ditto! This is exactly what TT should be. Not a single negative post, no complaining, no bashing the OP for stupidity, no blaming various companies or products, no side-steps into politics, etc. Just valid suggestions, brainstorming, and theories as to the problem. I was impressed by the OP’s willingness to test and try various solutions, and post updates. Wonderful that the mystery was solved.

For those wondering what kind of discussion list TT is supposed to be, this thread is an ideal example.

8 Likes

Normally no to the first question. You have to be listed in /private/etc/sudoers in order to issue a sudo command which usually only contains the root and admin users. Similar answer to second question. You would have to enter the password of the user issuing a sudo command.

Enter the command “su -” followed by a space and an administrator’s username on this computer. Enter that administrator’s password.

2 Likes

That’s been the tone of TidBITS since I became a subscriber 26 years ago. Adam and Tonya deserve a Pulitzer

4 Likes

Am I correct that there is a way to launch a Terminal session with admin privileges from a user account? If so, how do I invoke Terminal?

There may be GUI ways, but the easiest is to just open Terminal (in Applications/Utilities) and type:

ssh adminuser@localhost

It will ask for the password to that account.

Thanks for the kind words! I’ve actually looked into this for some of our articles in the past. Never quite got up the gumption to do it, though—the bar is so freaking high given the work that outlets like the New York Times, the New Yorker, the Atlantic, and the Washington Post produce.

The Pulitzer Prizes

4 Likes

Thank you. I have now recorded this answer so I won’t need to ask again, except that I’ll forget where I recorded it…

Thank you. That brings back unix memories from many years ago.

Hi Kevan:

Thread is too long to look at all of the postings. I know when I can’t access my site or files (like tonight) it was because it was blocked at the host end. They cleared my IP and I was back in business. Maybe that is your issue?

Good luck…

Rich

Too bad you didn’t have the time or you would have learned that the problem was solved 4 days ago. Host file on his Mac had been modified by the OP around a year earlier.

1 Like

Two suggestions.

  1. Clear your DNS cache.

  2. Replace your hosts file.

First, great work “guys”! Also great work by the OP! :clap:

Just a couple of FYI’s:

  1. You can do a Traceroute (along with several other functions) in the Network Utility app in Mojave (it is possible that I transferred that app from High Sierra, the app shows Version 1.9.2 (115), 2000-2017).

  2. Safari also has a “Develop” mode that is enabled by a checkbox in the Advanced tab of its Prefs. That offers another way to empty Caches and it also has a multitude of other functions, including a Console.

  3. You may actually also have a Hosts file at your website space. If you did not add it yourself, it was probably created by your friendly Support Techs. Just be aware that they can easily create/edit that file. They should only do that with your permission, but it is wise to check to see exactly what they may have done. It should show up in the list of files on the server.

1 Like